fix(ci): inject DATABASE_SSL=false into dev env file before restarting services#986
Merged
zbigniewsobiecki merged 1 commit intodevfrom Mar 23, 2026
Merged
fix(ci): inject DATABASE_SSL=false into dev env file before restarting services#986zbigniewsobiecki merged 1 commit intodevfrom
zbigniewsobiecki merged 1 commit intodevfrom
Conversation
…g services PR #979 tightened DB SSL defaults to rejectUnauthorized: true, but the dev database uses a self-signed certificate. The deploy workflow already passed DATABASE_SSL=false to one-off migration containers via -e flags, but the long-running router and dashboard containers read their env from /opt/services/cascade-dev.env — which never had this variable set. Result: every router startup since that PR crashed at seedAgentDefinitions with "self-signed certificate in certificate chain" before the process could serve any traffic. Add an idempotent step (sed removes any existing line, echo appends the correct value) that runs once per deploy, before docker compose restarts both services. Since both containers share the same env_file, a single write fixes both the router and the dashboard. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
After PR #979 tightened DB SSL defaults to
rejectUnauthorized: true, the dev router began crashing at every startup with:Root cause: The deploy workflow correctly added
-e DATABASE_SSL=falseto the one-off migration containers (commitd6bbf6ca), but the long-runningcascade-router-devandcascade-dashboard-devcontainers read their environment from/opt/services/cascade-dev.envviaenv_filein docker compose — and that file never hadDATABASE_SSL=falseadded.Fix
Add a single idempotent step before the router/dashboard restart that writes
DATABASE_SSL=falseinto the shared env file:Because both containers share the same
env_file, this one write fixes both services on every deploy going forward.Test plan
dev→ workflow runs → "Configure DATABASE_SSL" step passesself-signed certificateerrorseedAgentDefinitionscompletes successfully in router logs🤖 Generated with Claude Code